# kpara-synn.pages.dev — SUSPICIOUS

> PhishDestroy identifies kpara-synn.pages.dev as a live credential phishing site flagged at 0/95 on VirusTotal. Immediate action advised. Check the full report.

## Summary
PhishDestroy identifies kpara-synn.pages.dev as an active credential-phishing domain that mimics corporate or financial login pages to harvest user credentials. The site is currently hosted behind Cloudflare’s proxy at 172.66.44.166 and leverages Google Trust Services for TLS encryption, increasing its appearance of legitimacy to unsuspecting visitors. Because the domain is served over HTTPS and resolves to a well-known CDN IP, users may overlook red flags such as misspelled subdomains or unusual page content until it is too late.  This domain was flagged with zero detections on VirusTotal out of 95 scanners as of the latest scan, indicating it has not yet been widely blacklisted despite active abuse. Registrant privacy is obscured via Cloudflare, Inc., preventing easy attribution, while the SSL certificate issued by Google Trust Services further normalizes traffic to the phishing page. The rapid deployment and low initial detection rate suggest an opportunistic campaign designed to capture credentials before security engines catch up.  If you visited kpara-synn.pages.dev or entered any login details, immediately reset passwords on all related accounts and enable multi-factor authentication where available. Scan local devices with updated antivirus software and review account activity for unauthorized logins or data exfiltration. Report the domain to your organization’s security team and submit a phishing report to your email provider or platform to help accelerate global takedown efforts. Stay vigilant: treat any unsolicited login prompts as suspicious and verify the destination domain manually before entering credentials.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.166

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4d82f63a-889d-4135-a133-e357387f5f82
- PhishDestroy: https://phishdestroy.io/domain/kpara-synn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/kpara-synn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kpara-synn.pages.dev/
Last updated: 2026-03-26